这篇文章是继联盟链Quorum(基于raft共识)部署流程(一)的续篇,上一篇文章只是把基础的Quorum节点运行起来,但是隐私模块还没有部署上去,所以本篇主要内容是 Tessera。
我的演示系统环境时 Ubuntu 18.04 LTS。
环境要求:
jdk11 (ubuntu推荐安装方法:sudo apt install openjdk-11-jre-headless)
步骤1:
获取Tessera安装包
wget https://oss.sonatype.org/service/local/repositories/releases/content/com/jpmorgan/quorum/tessera-app/0.10.4/tessera-app-0.10.4-app.jar
或者直接访问https://github.com/jpmorganchase/tessera/releases下载文件tessera-app-0.**.*-app.jar
我是下载到/mnt/volume_nyc1_02目录下的,大家应该发现了,我的操作基本都是在/mnt/volume_nyc1_02目录下的,为了方便操作。
重命名down下来的tessera文件也是为方便操作
mv tessera-app-0.10.4-app.jar tessera.jar
步骤2:
接下来创建tessera数据存放文件夹
mkdir node1t
mkdir node2t
....
创建每个节点tessera的key文件并放在各个节点目录下,节点2,3,4一样照做
java -jar tessera.jar -keygen -filename t1
//t1是文件名,后面的两个提示是输入密码,成功后会获得两个文件t1.pub,t1.key
java -jar tessera.jar -keygen -filename t2
.....
mv t1.* node1t
//复制以t1.开头的文件到 node1t目录下
mv t2.* node2t
.....
步骤3:
接下来是要创建node1t(节点1Tessera模块)的配置文件node1t/config.json
{
"useWhiteList": false,
"jdbc": {
"username": "sa",
"password": "",
"url": "jdbc:h2:/mnt/volume_nyc1_02/node1t/db;MODE=Oracle;TRACE_LEVEL_SYSTEM_OUT=0",
"autoCreateTables": true
},
"serverConfigs":[
{
"app":"ThirdParty",
"enabled": true,
"serverAddress": "http://localhost:9081",
"communicationType" : "REST"
},
{
"app":"Q2T",
"enabled": true,
"serverAddress":"unix:/mnt/volume_nyc1_02/node1t/tm.ipc",
"communicationType" : "REST"
},
{
"app":"P2P",
"enabled": true,
"serverAddress":"http://localhost:9001",
"sslConfig": {
"tls": "OFF"
},
"communicationType" : "REST"
}
],
"peer": [
{
"url": "http://localhost:9001"
},
{
"url": "http://localhost:9002"
},
{
"url": "http://localhost:9003"
},
{
"url": "http://localhost:9004"
}
],
"keys": {
"passwords": [],
"keyData": [
{
"privateKeyPath": "/mnt/volume_nyc1_02/node1t/t1.key",
"publicKeyPath": "/mnt/volume_nyc1_02/node1t/t1.pub"
}
]
},
"alwaysSendTo": []
}
这里需要修改目录/mnt/volume_nyc1_02/node1t,这是我的目录,需要更换你的目录信息,peer里也是换上自己所有节点的ip+port,以及下面的keydata目录
步骤4:
启动对应节点1的Tessera模块
cd node1t
java -jar ../tessera.jar -configfile config.json >> tessera.log 2>&1 &
查看node1t目录,如果有tm.ipc,说明启动运行成功了
步骤5:
接下来修改节点1的启动文件 startnode1.sh
PRIVATE_CONFIG=/mnt/volume_nyc1_02/node1t/tm.ipc nohup geth --datadir node1 --nodiscover --verbosity 5 --networkid 31337 --raft --raftport 50001 --rpc --rpcaddr 0.0.0.0 --rpcport 22001 --rpcapi admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,raft --emitcheckpoints --port 21001 >> node1.log 2>&1 &
更换原目录下的ignore 为tm.ipc的文件地址
执行node1下的startnode.sh文件重启节点1,特别说明:如果遇到服务器重启,需要先启动tessera程序,知道出现tm.ipc文件生成,在执行startnode.sh文件启动节点即可。
部署其他节点,其实就是重复步骤5开始就不细说了。
下面展示一个我的节点2的config.json供大家参考,方便大家后面修改
{
"useWhiteList": false,
"jdbc": {
"username": "sa",
"password": "",
"url": "jdbc:h2:/mnt/volume_nyc1_02/node2t/db;MODE=Oracle;TRACE_LEVEL_SYSTEM_OUT=0",
"autoCreateTables": true
},
"serverConfigs":[
{
"app":"ThirdParty",
"enabled": true,
"serverAddress": "http://localhost:9082",
"communicationType" : "REST"
},
{
"app":"Q2T",
"enabled": true,
"serverAddress":"unix:/mnt/volume_nyc1_02/node2t/tm.ipc",
"communicationType" : "REST"
},
{
"app":"P2P",
"enabled": true,
"serverAddress":"http://localhost:9002",
"sslConfig": {
"tls": "OFF"
},
"communicationType" : "REST"
}
],
"peer": [
{
"url": "http://localhost:9001"
},
{
"url": "http://localhost:9002"
},
{
"url": "http://localhost:9003"
},
{
"url": "http://localhost:9004"
}
],
"keys": {
"passwords": [],
"keyData": [
{
"privateKeyPath": "/mnt/volume_nyc1_02/node2t/t2.key",
"publicKeyPath": "/mnt/volume_nyc1_02/node2t/t2.pub"
}
]
},
"alwaysSendTo": []
}
下面是节点2的startnode.sh修改信息
PRIVATE_CONFIG=/mnt/volume_nyc1_02/node2t/tm.ipc nohup geth --datadir node1 --nodiscover --verbosity 5 --networkid 31337 --raft --raftport 50002 --rpc --rpcaddr 0.0.0.0 --rpcport 22002 --rpcapi admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,raft --emitcheckpoints --port 21002 >> node2.log 2>&1 &
4个节点都部署完之后就可以测试部署结果。
现在拿节点1跟节点2来做一个测试,测试隐私管理是否部署成功和Quorum链运行是否成功。
步骤6:
获取节点2的Tessera公钥node2t/t2.pub内容
cat node2t/2t.pub
zVmaEIIjS8bJuUP5cZ1H/+wA4KQp51dUk28FUYnpUX0=
还是在/mnt/volume_nyc1_02/目录下,创建一个private-contract.js的文件
a = eth.accounts[0]
web3.eth.defaultAccount = a;
// abi and bytecode generated from simplestorage.sol:
// > solcjs --bin --abi simplestorage.sol
var abi = [{"constant":true,"inputs":[],"name":"storedData","outputs":[{"name":"","type":"uint256"}],"payable":false,"type":"function"},{"constant":false,"inputs":[{"name":"x","type":"uint256"}],"name":"set","outputs":[],"payable":false,"type":"function"},{"constant":true,"inputs":[],"name":"get","outputs":[{"name":"retVal","type":"uint256"}],"payable":false,"type":"function"},{"inputs":[{"name":"initVal","type":"uint256"}],"payable":false,"type":"constructor"}];
var bytecode = "0x6060604052341561000f57600080fd5b604051602080610149833981016040528080519060200190919050505b806000819055505b505b610104806100456000396000f30060606040526000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680632a1afcd914605157806360fe47b11460775780636d4ce63c146097575b600080fd5b3415605b57600080fd5b606160bd565b6040518082815260200191505060405180910390f35b3415608157600080fd5b6095600480803590602001909190505060c3565b005b341560a157600080fd5b60a760ce565b6040518082815260200191505060405180910390f35b60005481565b806000819055505b50565b6000805490505b905600a165627a7a72305820d5851baab720bba574474de3d09dbeaabc674a15f4dd93b974908476542c23f00029";
var simpleContract = web3.eth.contract(abi);
var simple = simpleContract.new(42, {from:web3.eth.accounts[0], data: bytecode, gas: 0x47b760, privateFor: ["zVmaEIIjS8bJuUP5cZ1H/+wA4KQp51dUk28FUYnpUX0="]}, function(e, contract) {
if (e) {
console.log("err creating contract", e);
} else {
if (!contract.address) {
console.log("Contract transaction send: TransactionHash: " + contract.transactionHash + " waiting to be mined...");
} else {
console.log("Contract mined! Address: " + contract.address);
console.log(contract);
}
}
});
修改privateFor值为自己刚刚获取的节点2的Tessera的公钥
步骤7:
打开节点的geth控制台,执行以下内容
geth attach node1/geth.ipc
> personal.unlockAccount(eth.accounts[0])
Unlock account 0xbb9ef512675df6d2c1f7874c259143d9e660ce2d
Passphrase: //输入创建刚账户的密码
true //返回true为成功,必须成功才能继续下面的操作
> loadScript("private-contract.js") //加载private-contract.js,部署合约
Contract transaction send: TransactionHash: 0x2470656d4c8fd21b6442247703d1b27e58f88e7e5d8dae0e6b6bbb42ba6390ff waiting to be mined...
true //返回true,合约部署成功
> Contract mined! Address: 0x688581d60e57148fcc81e48c4ce152001c25dbec
那么Tessera隐私管理器也部署完成了。
到这里其实我们的Quorum链已经全部部署完成链,但是为了方便我们的日常开发,我们还需要一个简单的区块链浏览器,这样可以方便许多查询工作等等。
下一章联盟链Quorum(基于raft共识)部署流程(三)- 部署基于Quorum链的区块链浏览器,我会演示关于在本机部署一个简单区块链浏览器流程。